CVE-2021-33503
- EPSS 3.27%
- Veröffentlicht 29.06.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:08:58
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed ...
CVE-2021-33515
- EPSS 2.84%
- Veröffentlicht 28.06.2021 13:15:20
- Zuletzt bearbeitet 21.11.2024 06:08:59
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
CVE-2020-28200
- EPSS 1.97%
- Veröffentlicht 28.06.2021 13:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:28
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
CVE-2021-29157
- EPSS 0.47%
- Veröffentlicht 28.06.2021 12:15:08
- Zuletzt bearbeitet 21.11.2024 06:00:48
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation w...
CVE-2021-32708
- EPSS 3.49%
- Veröffentlicht 24.06.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:34
Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The ...
CVE-2021-0561
- EPSS 0.47%
- Veröffentlicht 22.06.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:42:55
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ...
CVE-2021-29063
- EPSS 4.1%
- Veröffentlicht 21.06.2021 20:15:09
- Zuletzt bearbeitet 21.11.2024 06:00:37
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.
CVE-2020-18442
- EPSS 0.75%
- Veröffentlicht 18.06.2021 15:15:08
- Zuletzt bearbeitet 10.07.2025 15:44:54
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
CVE-2021-34825
- EPSS 0.62%
- Veröffentlicht 17.06.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:11:16
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
CVE-2021-3603
- EPSS 2.26%
- Veröffentlicht 17.06.2021 12:15:08
- Zuletzt bearbeitet 21.11.2024 06:21:57
PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the defa...